MCP Code Analyzer MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add mcp-code-analyzer -- npx mcp-code-analyzer analyze ./my-project
README.md

MCP orchestrator for code security, quality, and architecture analysis.

MCP Code Analyzer

MCP orchestrator for code security, quality, and architecture analysis. This tool coordinates multiple MCP servers to provide comprehensive code analysis.

Features

  • Security Analysis: Vulnerability scanning via Semgrep, Trivy
  • Code Quality: Linting via ESLint, SonarQube
  • Dependency Analysis: Vulnerability scanning via Snyk, npm audit
  • Architecture Analysis: Complexity metrics, dead code detection
  • Knowledge Graph: Semantic code analysis, impact analysis
  • Scoring System: 0-100 scores with A-F grades
  • Historical Trends: Track improvements over time

Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                      Interfaces                                     │
├─────────────┬─────────────────────┬─────────────────────────────────┤
│   CLI       │    REST API         │    MCP Server (for Claude)      │
└─────────────┴─────────────────────┴─────────────────────────────────┘
                              │
                    ┌─────────▼─────────┐
                    │  MCP ORCHESTRATOR │
                    │  - Client Manager │
                    │  - Job Scheduler  │
                    │  - Retry Logic    │
                    │  - Normalizer     │
                    │  - Score Engine   │
                    └─────────┬─────────┘
                              │
        ┌─────────────────────┼─────────────────────┐
        │                     │                     │
   ┌────▼────┐          ┌─────▼─────┐         ┌────▼────┐
   │ Semgrep │          │  ESLint   │         │  Snyk   │
   │  Trivy  │          │ SonarQube │         │npm audit│
   └─────────┘          └───────────┘         └─────────┘

Installation

npm install -g mcp-code-analyzer

Or run directly with npx:

npx mcp-code-analyzer analyze ./my-project

Usage

CLI

# Analyze a local project
mcp-analyze analyze ./my-project

# Analyze a GitHub repository
mcp-analyze analyze https://github.com/user/repo

# Specify scanners
mcp-analyze analyze ./my-project --scanners security,quality

# Generate report
mcp-analyze report <analysis-id> --format md

# View history
mcp-analyze history ./my-project

# Compare analyses
mcp-analyze compare <id1> <id2>

# Start REST API
mcp-analyze serve --port 3000

# Start MCP server (for Claude)
mcp-analyze mcp

MCP Integration (Claude Desktop)

Add to your Claude Desktop config:

{
  "mcpServers": {
    "code-analyzer": {
      "command": "npx",
      "args": ["-y", "mcp-code-analyzer", "mcp"]
    }
  }
}

MCP Integration (Claude Code)

Claude Code supports MCP servers at two scopes:

Project-level (single project)

Create a .mcp.json file in your project root:

{
  "mcpServers": {
    "mcp-security": {
      "command": "node",
      "args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
      "cwd": "/path/to/mcp_security"
    }
  }
}

This makes the MCP server available only when working in that specific project.

User-level (all projects)

Add to your ~/.claude.json file:

{
  "mcpServers": {
    "mcp-security": {
      "command": "node",
      "args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
      "cwd": "/path/to/mcp_security"
    }
  }
}

This makes the MCP server available globally across all your projects.

After configuration
  1. Restart VSCode (or start a new Claude Code conversation)
  2. The MCP tools will be available as mcp__mcp-security__<tool_name>
Claude Code Tool Description
mcp__mcp-security__analyze_project Run full analysis on a project
mcp__mcp-security__get_analysis_report Get detailed report
mcp__mcp-security__compare_analyses Compare two analyses
mcp__mcp-security__list_project_analyses View analysis history
mcp__mcp-security__get_findings Get filtered findings
mcp__mcp-security__get_code_graph Get semantic code graph
mcp__mcp-security__analyze_impact Analyze impact of changes

MCP Tools

Tool Description
analyze_project Run full analysis on a project
get_analysis_report Get detailed report
compare_analyses Compare two analyses
list_project_analyses View analysis history
get_findings Get filtered findings
get_code_graph Get semantic code graph
analyze_impact Analyze impact of changes

Scoring

Each category is scored 0-100:

Category Weight
Security 35%
Quality 25%
Dependencies 25%
Architecture 15%

Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)

Configuration

Create .mcp-analyzer.json in your project root:

{
  "servers": {
    "semgrep": { "enabled": true },
    "eslint": { "enabled": true },
    "snyk": { "enabled": false }
  },
  "scoring": {
    "weights": {
      "security": 0.4,
      "q

Tools (7)

analyze_projectRun full analysis on a project
get_analysis_reportGet detailed report
compare_analysesCompare two analyses
list_project_analysesView analysis history
get_findingsGet filtered findings
get_code_graphGet semantic code graph
analyze_impactAnalyze impact of changes

Configuration

claude_desktop_config.json
{"mcpServers": {"code-analyzer": {"command": "npx", "args": ["-y", "mcp-code-analyzer", "mcp"]}}}

Try it

Run a full security and quality analysis on the current project directory.
Compare the latest two analysis reports for this project to see what has improved.
Show me the semantic code graph for this project to identify architectural complexity.
Generate a markdown report for the most recent analysis ID.
Analyze the impact of my recent changes on the project's security score.

Frequently Asked Questions

What are the key features of MCP Code Analyzer?

Vulnerability scanning via Semgrep and Trivy. Code quality linting via ESLint and SonarQube. Architecture analysis including complexity metrics and dead code detection. Comprehensive scoring system with A-F grades. Historical trend tracking for code improvements.

What can I use MCP Code Analyzer for?

Automating security audits during the development lifecycle. Tracking technical debt and code quality trends over time. Performing impact analysis before merging large pull requests. Standardizing code quality checks across multiple team projects.

How do I install MCP Code Analyzer?

Install MCP Code Analyzer by running: npm install -g mcp-code-analyzer

What MCP clients work with MCP Code Analyzer?

MCP Code Analyzer works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep MCP Code Analyzer docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all monitoring servers →

Related MCP Servers

Skylos
Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.
monitoring344 stars
Linux MCP Server
Read-only Linux system administration and diagnostics on RHEL-based systems.
monitoring189 stars
Charles MCP Server
Integrates Charles Proxy with MCP clients for real-time network traffic analysis
monitoring118 stars
HomeButler
All-in-one homelab management MCP server.
monitoring64 stars
Wireshark MCP
Give your AI assistant a packet analyzer.
monitoring55 stars
RenderDoc MCP
Analyze GPU frame captures for graphics debugging and performance analysis.
monitoring42 stars